Zcash
Papers
Ian Miers, Christina Garman, Matthew Green, Aviel D. Rubin
S&P'13 (not full version)
Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, Madars Virza
S&P'14
Karl W¨ust, Sinisa Matetic, Moritz Schneider (ETH Zurich), Ian Miers, KariKostiainen, and Srdjan Capkun
Challenges of Zcash's SPV node
Applying the same model is not possible without revealing the client’s decryption key to the server so that it can perform the trial decryption for transactions, and thus completely breaking the privacy properties
Simply notifying users that they received funds is not sufficient to use them for new payments in Zcash.
To spend funds, users must provide the witness of a Merkle tree (commitment tree)
Moreover, this information is not static and it needs to be updated as new transactions are added to the tree
Proposal: Light clients receive transactions aided by a server equipped with a TEE
George Kappos, Haaroon Yousaf, Mary Maller, Sarah Meiklejohn
Auditablity
Selective Disclosure & Shielded Viewing Keys
Christina Garman, Matthew Green, Ian Miers
FC'16
Handle policies to enforce regulations, KYC/AML laws, and taxes
Regulatory type
Spending limit: no transaction over the limit is valid unless signed by an authority
Simulation-based security definitions for Decentralized Anonymous Payment (DAP) scheme
Ken Naganuma and Masayuki Yoshino and Hisayoshi Sato and Takayuki Suzuki (Hitachi)
EuroS&PW'17
Designated auditor link the origin and destination of anonymous transactions.
The auditor doesn’t have other authorities e.g. stopping transfers, confiscating funds, and deactivating accounts.
Concurrent work of (GGM, FC'16)
Yihan Jiang, Yong Li, Yan Zhu
ICCSP'19
Specs
Tutorials
osuke.icon's notes